[xine-devel] [PATCH] Fix buffer overflow in HTTP input plugin

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

The attached patch fixes a buffer overflow condition in the HTTP input plugin 
that is likely to be exploitable. Probably the error condition used is not 
the right one, but I needed a quick patch and this should work.

References:
- Gentoo Bug #134951 https://bugs.gentoo.org/show_bug.cgi?id=134951
- "exploit" code: http://www.milw0rm.com/exploits/download/1852

To reproduce, start the command

perl -e 'print "A"x"9500"' | nc -lp 8080 (you'll need netcat)

and then open xine http://localhost:8080/foo.mpg

(note: the bug starts referring to gxine but it's not gxine fault, I can 
reproduce the problem with all xine frontends).

HTH,
-- 
Diego "Flameeyes" Pettenò - http://farragut.flameeyes.is-a-geek.org/
Gentoo/Alt lead, Gentoo/FreeBSD, Video, AMD64, Sound, PAM, KDE